Closed jirislav closed 5 years ago
It was possible to bind any volume which didn't belong to the user, because there was not performed the ownership check while binding.
This PR implements checking for volume ownership when binding.
For more information about why it is bad to allow mounting any volume, see #46.
Thanks, great find and fix.
lox
commented
5 years ago lox
commented
5 years ago
It was possible to bind any volume which didn't belong to the user, because there was not performed the ownership check while binding.
This PR implements checking for volume ownership when binding.
For more information about why it is bad to allow mounting any volume, see #46.